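Using WCF STS bootstrap tokens in SharePoint 2010 (Thinktecture Identity Server as STS, and ActAs)
Has anyone used bootstrap tokens in SharePoint 2010 with a custom STS? I've been struggling with this for hours. Whenever I issue an RST, I get the following error message: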
ID4257: X.509 certificate 'CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US' validation failed by the token handler.
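I am using SharePoint 2010 with Thinktecture Identity Server as my STS, and I am trying to call a WCF service with delegation. I have everything working, but I cannot get delegation to work using the bootstrap token.
I'm guessing SharePoint must be encrypting the bootstrap token somehow?! Any help or pointers?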
Comments (2)
You can still solve this problem by using your own encryption certificate and not the SharePoint STS.
This exception is raised by the SecurityTokenHandler when they try to validate the bootstrap token and they find that the certificate in the token is not valid (default X509CertificateValidator).
The certificate that will be present in the bootstrap token will be SharePoint Security Token Service.
Two ways to solve the problem, AFAIK:
http://msdn.microsoft.com/en-us/library/hh598384%28v=vs.110%29.aspx
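One way to make the certificate check described in the answer above pass without turning validation off is a validator that trusts only one pinned certificate. This is an added example, not code from the thread or from the linked MSDN page; the class name and the thumbprint placeholder are assumptions, and it targets System.IdentityModel in .NET 4.5.

```csharp
// Added example, not code from the thread. Targets System.IdentityModel (.NET 4.5).
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

// Hypothetical class name. Accepts only certificates whose thumbprint is
// explicitly pinned, so the self-issued SharePoint STS certificate can be
// trusted without switching certificate validation off for every issuer.
public sealed class PinnedThumbprintValidator : X509CertificateValidator
{
    // Placeholder value: replace with the thumbprint of the SharePoint STS
    // certificate exported from your own farm.
    private static readonly HashSet<string> Pinned =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "0000000000000000000000000000000000000000"
        };

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        // A pinned certificate is still rejected once it is outside its
        // validity period (NotBefore/NotAfter are local times).
        DateTime now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenValidationException(
                "Certificate is outside its validity period: " + certificate.Subject);

        // Anything not on the pin list fails, including certificates that
        // chain to a trusted root.
        if (!Pinned.Contains(certificate.Thumbprint))
            throw new SecurityTokenValidationException(
                "Certificate is not pinned: " + certificate.Subject);
    }
}
```

An instance can be assigned to `SecurityTokenHandlerConfiguration.CertificateValidator` on the side that validates the bootstrap token; the pin has to be updated whenever the SharePoint STS certificate is replaced.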
This was partially resolved by adding the SharePoint STS certificate as an encrypting certificate to the STS. Also, using SPSecurityContext.SecurityTokenForContext seems to have helped in getting the ActAs token 0 but I'm not 100% convinced I've got it all working yet!